John Kelsey wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> At 09:24 PM 19-07-99 +0100, Ben Laurie wrote:
> 
> >So what you are saying is that you'd be happy to run your
> >server forever on an initial charge of 128 bits of entropy
> >and no more randomness ever?
> >
> >Really?
> >
> >This model should work for all the servers in the world, of
> >course (operating from a single initial charge of 128 bits
> >shared between them). Are we all happy?
> 
> If the mechanism generating the bits from the seed is
> secure, the seed is not susceptible to compromise anywhere,
> and the seed is large enough that nobody has a nonnegligible
> chance of guessing them, then yes, I would say we all ought
> to be happy.

That's rather more ifs than comfort permits. Which is why people like
real random numbers, of course.

> Suppose I replace your hardware random number generator with
> the ANSI X9.17 key generator, with a totally random 112-bit
> key, and a working timer that increments at least once per
> thousand outputs or so.  How will you tell the difference?
> How will an attacker tell the difference?  I believe he has
> to break two-key triple-DES to tell the difference, or else
> he has to get inside your device and compromise that key.
> 
> Suppose God, in a fit of budget-consciousness, decides to get
> rid of all this wasteful hardware for generating random
> numbers that are necessary for quantum mechanics, and
> instead replaces them with a PRNG with a 256-bit seed.  In
> this case, all hardware noise sources are ultimately tapping
> into this same seed and PRNG. How will you, or anyone, tell
> the difference?  (This assumes that God can find some good
> pseudorandom function families, of course.)

I have long held that all the supposed quantum randomness is, in fact,
totally deterministic, but behind a one way barrier. At least, I defy
anyone to prove me wrong.

In other words, I agree with you. The important difference is that God's
one way barrier is guaranteed by physics, but your PRNG is just a human
endeavour, and, therefore, in error.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi
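
The X9.17 generator discussed in the quoted message, as an added sketch that is not part of the original thread: it shows that the output stream is a pure function of key, seed and timer, so secrecy of the key is the whole security argument. Assumptions: HMAC-SHA256 truncated to 64 bits stands in for two-key triple-DES, and the class, function names, timer and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

BLOCK = 8  # X9.17 operates on 64-bit blocks


def E(key: bytes, block: bytes) -> bytes:
    # ASSUMPTION: HMAC-SHA256 truncated to 64 bits stands in for two-key
    # triple-DES, which the Python standard library does not provide.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class X917:
    """X9.17 update: I = E(T); R = E(I ^ S); S' = E(R ^ I)."""

    def __init__(self, key: bytes, seed: bytes):
        if len(key) < 14 or len(seed) != BLOCK:
            raise ValueError("need a 112-bit key and a 64-bit seed")
        self.key, self.seed, self.count = key, seed, 0

    def timer(self) -> int:
        # Constructed clock: ticks once per thousand outputs, as in the message.
        return self.count // 1000

    def next_block(self) -> bytes:
        i = E(self.key, struct.pack(">Q", self.timer()))
        r = E(self.key, xor(i, self.seed))
        self.seed = E(self.key, xor(r, i))
        self.count += 1
        return r


def predict_after(key: bytes, r: bytes, t: int, t_next: int) -> bytes:
    """With the key, one output R and its timer value give the next output."""
    i = E(key, struct.pack(">Q", t))
    seed = E(key, xor(r, i))  # internal state S' recomputed from R and T
    return E(key, xor(E(key, struct.pack(">Q", t_next)), seed))


def demo():
    key, seed = bytes(range(14)), bytes(8)  # constructed sample values
    gen = X917(key, seed)
    out = [gen.next_block() for _ in range(3)]
    return out, predict_after(key, out[1], 0, 0)
```

Without the key, `predict_after` has nothing to work with; with it, the next state follows from a single observed output, which is why the key has to be protected for the lifetime of the device.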
